openfin-onchain

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly calls external public provider endpoints (e.g., GET /token/metadata, /token/portfolio, /token/price using providers like Alchemy, Moralis, Helius, SolScan, Uniblock) and requires the agent to read that token/NFT/metadata (including decimals, logos, raw provider payloads) which can materially affect amount scaling and send decisions, so it consumes untrusted third‑party content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides on-chain transfer (write) capabilities: it exposes POST /onchain/send and an embedded caller wallet that can perform same-chain transfers of native tokens, ERC‑20, SOL, SPL, with triggers like "send X to Y", "transfer USDC to wallet 0x…", and "pay 50 USDC". It returns tx hashes/signatures and requires an API key. This is a purpose-built crypto payment/transfer tool (wallet + send endpoint), not a generic API caller or browser automation, so it grants direct financial execution authority.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 12, 2026, 07:58 PM
Issues
2
Security Audit — snyk — openfin-onchain